package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Vector;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.tls.TlsProtocol;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;

/* loaded from: classes2.dex */
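/**
 * Server-side TLS handshake driver (decompiled output; most member names are obfuscated).
 *
 * <p>The class reacts to handshake messages handed over by the parent {@code TlsProtocol} and
 * tracks progress in the inherited state field {@code z}. Message-type and alert numbers appear
 * as raw literals because the constant names were lost; the comments give the matching names
 * from the TLS registries (RFC 5246 and related documents).
 *
 * <p>No certificate-chain trust decision is made in this class: a client chain is only passed
 * on to the key exchange and to {@code TlsServer.notifyClientCertificate}. Whatever validation
 * is required (trust anchor, validity period, revocation) has to happen behind those calls.
 */
public class TlsServerProtocol extends TlsProtocol {
    // The TlsServer supplied to accept(); null until accept() has been called.
    protected TlsServer a;
    // Context object built in accept() from this.n and the SecurityParameters
    // (obfuscated type; presumably the server context - confirm against upstream).
    protected q b;
    // Key exchange obtained from the TlsServer while the ClientHello is processed.
    protected TlsKeyExchange c;
    // Server credentials from TlsServer.getCredentials(); null means an anonymous server.
    protected TlsCredentials d;
    // CertificateRequest sent to the client, or null when client authentication was not requested.
    protected CertificateRequest e;
    // Result of TlsUtils.a(certificate) for the client's chain, -1 until one was received
    // (presumably the ClientCertificateType; it is fed to hasSigningCapability/createTlsSigner).
    protected short f;
    // Value of this.m.c() captured right after the ClientKeyExchange; it is the input from which
    // the CertificateVerify hash is derived (presumably a handshake-hash snapshot - confirm).
    protected n g;

    /**
     * Creates the protocol instance over the given streams; all handshake fields start unset.
     *
     * @param inputStream  stream the peer's records are read from
     * @param outputStream stream records are written to
     * @param secureRandom randomness source handed to the parent protocol
     */
    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.a = null;
        this.b = null;
        this.c = null;
        this.d = null;
        this.e = null;
        this.f = (short) -1;
        this.g = null;
    }

    /**
     * Records the client's certificate chain (possibly empty) and notifies the key exchange and
     * the TlsServer.
     *
     * <p>Nothing in this method checks whether the chain is trusted; see the class comment.
     *
     * @param certificate chain sent by the client, or {@code Certificate.EMPTY_CHAIN}
     * @throws IllegalStateException if no CertificateRequest was sent
     * @throws TlsFatalAlert unexpected_message (10) if a client chain was already recorded
     * @throws IOException propagated from the key exchange or the TlsServer callbacks
     */
    private void b(Certificate certificate) throws IOException {
        if (this.e == null) {
            throw new IllegalStateException();
        }
        // A second client certificate within one handshake is rejected.
        if (this.u != null) {
            throw new TlsFatalAlert((short) 10);
        }
        this.u = certificate;
        if (certificate.isEmpty()) {
            this.c.skipClientCredentials();
        } else {
            // NOTE(review): the result is unused; this looks like an argument evaluation left
            // behind by the obfuscator/decompiler. Kept so behaviour matches the binary.
            this.d.getCertificate();
            this.f = TlsUtils.a(certificate);
            this.c.processClientCertificate(certificate);
        }
        this.a.notifyClientCertificate(certificate);
    }

    /**
     * @return true when a client certificate was received ({@code f >= 0}) and its type can
     *         sign, i.e. a CertificateVerify message is required from the client
     */
    private boolean l() {
        short s = this.f;
        return s >= 0 && TlsUtils.hasSigningCapability(s);
    }

    /**
     * Clears per-handshake references (key exchange, credentials, certificate request and the
     * captured hash input) after delegating to the parent implementation.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public final void a() {
        super.a();
        this.c = null;
        this.d = null;
        this.e = null;
        this.g = null;
    }

    /**
     * Handles an alert description passed up by the parent (presumably the warning-alert hook).
     *
     * <p>Description 41 is no_certificate, the SSLv3 way for a client to decline a certificate
     * request. It is honoured only for an SSL context with a pending CertificateRequest and is
     * then treated as an empty client chain; every other description goes to the parent.
     *
     * @param s alert description
     * @throws IOException propagated from the parent or from recording the empty chain
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public final void a(short s) throws IOException {
        if (s != 41) {
            super.a(s);
        } else {
            if (!TlsUtils.isSSL(this.b) || this.e == null) {
                return;
            }
            b(Certificate.EMPTY_CHAIN);
        }
    }

    /**
     * Processes one handshake message from the client and advances the state field {@code z}.
     *
     * <p>Every branch first checks that the message is legal in the current state and answers
     * an out-of-order message with unexpected_message (10). The ordering checks are what keep a
     * client from skipping CertificateVerify after presenting a signing certificate.
     *
     * @param s    handshake message type (1 client_hello, 11 certificate, 15 certificate_verify,
     *             16 client_key_exchange, 20 finished, 23 supplemental_data)
     * @param bArr message body without the handshake header
     * @throws TlsFatalAlert on any protocol violation or failed verification
     * @throws IOException on I/O failure while reading or writing messages
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x002d. Please report as an issue. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected final void a(short s, byte[] bArr) throws IOException {
        CertificateStatus certificateStatus;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate certificate = null;
        if (s == 1) {
            // ---- client_hello: only accepted as the very first message (state 0) ----
            if (this.z != 0) {
                throw new TlsFatalAlert((short) 10);
            }
            ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
            // A DTLS version on this stream protocol is an illegal_parameter (47).
            if (readVersion.isDTLS()) {
                throw new TlsFatalAlert((short) 47);
            }
            // 32-byte client random.
            byte[] readFully = TlsUtils.readFully(32, byteArrayInputStream);
            // Session id: only its length is validated; the value itself is not used here.
            if (TlsUtils.readOpaque8(byteArrayInputStream).length > 32) {
                throw new TlsFatalAlert((short) 47);
            }
            // Cipher-suite vector length must be non-empty and even, else decode_error (50).
            int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
            if (readUint16 < 2 || (readUint16 & 1) != 0) {
                throw new TlsFatalAlert((short) 50);
            }
            this.v = TlsUtils.readUint16Array(readUint16 / 2, byteArrayInputStream);
            // At least one compression method must be offered.
            short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
            if (readUint8 <= 0) {
                throw new TlsFatalAlert((short) 47);
            }
            this.w = TlsUtils.readUint8Array(readUint8, byteArrayInputStream);
            // Remaining bytes are read as the client extensions (may yield null).
            this.x = c(byteArrayInputStream);
            this.b.a = readVersion;
            this.a.notifyClientVersion(readVersion);
            this.t.g = readFully;
            this.a.notifyOfferedCipherSuites(this.v);
            this.a.notifyOfferedCompressionMethods(this.w);
            // Secure renegotiation (RFC 5746): suite 0x00FF is the signalling cipher suite value.
            if (Arrays.contains(this.v, 255)) {
                this.C = true;
            }
            // 'h' is inherited; presumably the renegotiation_info extension id - confirm.
            byte[] extensionData = TlsUtils.getExtensionData(this.x, h);
            if (extensionData != null) {
                this.C = true;
                // The extension must carry an empty value here; anything else is answered with
                // handshake_failure (40). The comparison is constant-time.
                if (!Arrays.constantTimeAreEqual(extensionData, TlsUtils.encodeOpaque8(TlsUtils.EMPTY_BYTES))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            this.a.notifySecureRenegotiation(this.C);
            if (this.x != null) {
                this.a.processClientExtensions(this.x);
            }
            this.z = (short) 1;

            // ---- server_hello (type 2) ----
            TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 2);
            ProtocolVersion serverVersion = this.a.getServerVersion();
            // The TlsServer must not pick a version newer than the client offered:
            // that is a local configuration error, reported as internal_error (80).
            if (!serverVersion.isEqualOrEarlierVersionOf(this.b.getClientVersion())) {
                throw new TlsFatalAlert((short) 80);
            }
            this.m.l = serverVersion;
            this.m.m = serverVersion;
            this.m.n = true;
            this.b.b = serverVersion;
            TlsUtils.writeVersion(serverVersion, aVar);
            aVar.write(this.t.h);
            // An empty session id is always sent.
            TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, aVar);
            // The selected suite must be one the client offered and must not be the null suite
            // (0) or the signalling value (255).
            int selectedCipherSuite = this.a.getSelectedCipherSuite();
            if (!Arrays.contains(this.v, selectedCipherSuite) || selectedCipherSuite == 0 || selectedCipherSuite == 255) {
                throw new TlsFatalAlert((short) 80);
            }
            this.t.b = selectedCipherSuite;
            // Likewise the compression method must come from the client's list.
            short selectedCompressionMethod = this.a.getSelectedCompressionMethod();
            if (!Arrays.contains(this.w, selectedCompressionMethod)) {
                throw new TlsFatalAlert((short) 80);
            }
            this.t.c = selectedCompressionMethod;
            TlsUtils.writeUint16(selectedCipherSuite, aVar);
            TlsUtils.writeUint8(selectedCompressionMethod, (OutputStream) aVar);
            this.y = this.a.getServerExtensions();
            if (this.C) {
                // Echo an empty extension under key 'h' when the TlsServer did not add one.
                if (TlsUtils.getExtensionData(this.y, h) == null) {
                    this.y = TlsExtensionsUtils.ensureExtensionsInitialised(this.y);
                    this.y.put(h, TlsUtils.encodeOpaque8(TlsUtils.EMPTY_BYTES));
                }
            }
            if (this.y != null) {
                this.t.i = a(this.x, this.y, (short) 80);
                this.t.j = TlsExtensionsUtils.hasTruncatedHMacExtension(this.y);
                // D gates sending certificate_status, E gates sending a new session ticket;
                // both are forced off when the inherited flag A is set.
                this.D = !this.A && TlsUtils.hasExpectedEmptyExtensionData(this.y, TlsExtensionsUtils.EXT_status_request, (short) 80);
                this.E = !this.A && TlsUtils.hasExpectedEmptyExtensionData(this.y, TlsProtocol.i, (short) 80);
                a(aVar, this.y);
            }
            // presumably applies the negotiated maximum fragment length (2^(i+8)) - confirm
            if (this.t.i >= 0) {
                this.m.a(1 << (this.t.i + 8));
            }
            this.t.d = a(this.b, this.t.getCipherSuite());
            this.t.e = 12; // presumably the verify_data length - confirm
            aVar.a();
            this.m.b();
            this.z = (short) 2;

            // ---- optional server supplemental data ----
            Vector serverSupplementalData = this.a.getServerSupplementalData();
            if (serverSupplementalData != null) {
                a(serverSupplementalData);
            }
            this.z = (short) 3;

            // ---- server certificate ----
            this.c = this.a.getKeyExchange();
            this.c.init(this.b);
            this.d = this.a.getCredentials();
            TlsCredentials tlsCredentials = this.d;
            if (tlsCredentials == null) {
                this.c.skipServerCredentials();
            } else {
                this.c.processServerCredentials(tlsCredentials);
                certificate = this.d.getCertificate();
                a(certificate);
            }
            this.z = (short) 4;

            // ---- certificate_status (type 22), only when a certificate was actually sent ----
            if (certificate == null || certificate.isEmpty()) {
                this.D = false;
            }
            if (this.D && (certificateStatus = this.a.getCertificateStatus()) != null) {
                TlsProtocol.a aVar2 = new TlsProtocol.a(this, (short) 22);
                certificateStatus.encode(aVar2);
                aVar2.a();
            }
            this.z = (short) 5;

            // ---- server_key_exchange (type 12), when the key exchange produces one ----
            byte[] generateServerKeyExchange = this.c.generateServerKeyExchange();
            if (generateServerKeyExchange != null) {
                // NOTE(review): this constructor call has a different shape from the other
                // message constructions (no enclosing instance); probably a decompiler
                // rendering difference - confirm before recompiling.
                TlsProtocol.a aVar3 = new TlsProtocol.a((short) 12, generateServerKeyExchange.length);
                aVar3.write(generateServerKeyExchange);
                aVar3.a();
            }
            this.z = (short) 6;

            // ---- certificate_request (type 13): only an authenticated server may ask ----
            if (this.d != null) {
                this.e = this.a.getCertificateRequest();
                CertificateRequest certificateRequest = this.e;
                if (certificateRequest != null) {
                    this.c.validateCertificateRequest(certificateRequest);
                    CertificateRequest certificateRequest2 = this.e;
                    TlsProtocol.a aVar4 = new TlsProtocol.a(this, (short) 13);
                    certificateRequest2.encode(aVar4);
                    aVar4.a();
                    TlsUtils.a(this.m.k, this.e.getSupportedSignatureAlgorithms());
                }
            }
            this.z = (short) 7;

            // ---- server_hello_done: hand-built header, type 14 with a zero-length body ----
            byte[] bArr2 = new byte[4];
            TlsUtils.writeUint8((short) 14, bArr2, 0);
            TlsUtils.writeUint24(0, bArr2, 1);
            c(bArr2, 0, 4);
            this.z = (short) 8;
            this.m.k.b();
            return;
        }
        if (s == 11) {
            // ---- client certificate: legal after server_hello_done (8) or after client
            // supplemental data (9), and only if a certificate was requested ----
            short s2 = this.z;
            if (s2 == 8) {
                this.a.processClientSupplementalData(null);
            } else if (s2 != 9) {
                throw new TlsFatalAlert((short) 10);
            }
            if (this.e == null) {
                throw new TlsFatalAlert((short) 10);
            }
            Certificate parse = Certificate.parse(byteArrayInputStream);
            b(byteArrayInputStream); // presumably rejects trailing bytes - confirm
            b(parse);
            this.z = (short) 10;
            return;
        }
        if (s == 20) {
            // ---- finished ----
            short s3 = this.z;
            if (s3 != 11) {
                if (s3 != 12) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (l()) {
                // State 11 means no CertificateVerify was processed. If the client presented a
                // signing-capable certificate, that message is mandatory and must not be skipped.
                throw new TlsFatalAlert((short) 10);
            }
            a(byteArrayInputStream); // presumably checks the client's verify_data - confirm
            this.z = (short) 13;
            if (this.E) {
                NewSessionTicket newSessionTicket = this.a.getNewSessionTicket();
                if (newSessionTicket == null) {
                    throw new TlsFatalAlert((short) 80);
                }
                TlsProtocol.a aVar5 = new TlsProtocol.a(this, (short) 4);
                newSessionTicket.encode(aVar5);
                aVar5.a();
                i();
            }
            this.z = (short) 14;
            j();
            this.z = (short) 15;
            this.z = (short) 16;
            return;
        }
        if (s == 23) {
            // ---- client supplemental data: only directly after server_hello_done ----
            if (this.z != 8) {
                throw new TlsFatalAlert((short) 10);
            }
            this.a.processClientSupplementalData(d(byteArrayInputStream));
            this.z = (short) 9;
            return;
        }
        if (s == 15) {
            // ---- certificate_verify: only after client_key_exchange (11) and only when the
            // client certificate can sign ----
            if (this.z != 11) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!l()) {
                throw new TlsFatalAlert((short) 10);
            }
            DigitallySigned parse2 = DigitallySigned.parse(this.b, byteArrayInputStream);
            b(byteArrayInputStream);
            // The signature proves possession of the private key for the presented certificate.
            // verifyRawSignature reports a mismatch through its boolean result, so that result
            // must be honoured; relying on an exception alone would accept a signature that
            // merely fails to verify.
            boolean verified = false;
            try {
                byte[] certificateVerifyHash = a(this.b, this.g, (byte[]) null);
                AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(this.u.getCertificateAt(0).getSubjectPublicKeyInfo());
                TlsSigner createTlsSigner = TlsUtils.createTlsSigner(this.f);
                createTlsSigner.init(this.b);
                verified = createTlsSigner.verifyRawSignature(parse2.getAlgorithm(), parse2.getSignature(), createKey, certificateVerifyHash);
            } catch (Exception ignored) {
                // Any failure while decoding the key or checking the signature counts as
                // "not verified"; the peer gets the same alert regardless of the cause.
            }
            if (!verified) {
                throw new TlsFatalAlert((short) 51); // decrypt_error
            }
            this.z = (short) 12;
            return;
        }
        if (s != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        // ---- client_key_exchange: the cases below fall through on purpose, so that steps the
        // client legitimately omitted are accounted for before the key exchange is processed ----
        switch (this.z) {
            case 8:
                // No supplemental data was sent.
                this.a.processClientSupplementalData(null);
                // falls through
            case 9:
                // No Certificate message was sent.
                if (this.e == null) {
                    this.c.skipClientCredentials();
                } else {
                    // TLS 1.2 requires a (possibly empty) Certificate message once requested.
                    if (TlsUtils.isTLSv12(this.b)) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    if (!TlsUtils.isSSL(this.b)) {
                        // Earlier TLS versions: treat the omission as an empty chain.
                        b(Certificate.EMPTY_CHAIN);
                    } else if (this.u == null) {
                        // SSL: the client must have declined via the no_certificate alert,
                        // which records an empty chain in a(short).
                        throw new TlsFatalAlert((short) 10);
                    }
                }
                // falls through
            case 10:
                this.c.processClientKeyExchange(byteArrayInputStream);
                b(byteArrayInputStream);
                a(this.b, this.c);
                this.m.a(this.a.getCompression(), this.a.getCipher());
                // Capture the value later used to derive the CertificateVerify hash.
                this.g = this.m.c();
                if (!this.E) {
                    i();
                }
                this.z = (short) 11;
                return;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    /**
     * Binds this protocol instance to a TlsServer and starts the handshake.
     *
     * @param tlsServer callbacks and configuration for the server side; must not be null
     * @throws IllegalArgumentException if {@code tlsServer} is null
     * @throws IllegalStateException if accept was already called on this instance
     * @throws IOException propagated from the handshake started by {@code d()}
     */
    public void accept(TlsServer tlsServer) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'tlsServer' cannot be null");
        }
        if (this.a != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.a = tlsServer;
        this.t = new SecurityParameters();
        this.t.a = 0;
        // t.h is later written into the ServerHello, i.e. it is the server random.
        this.t.h = a(this.n);
        this.b = new q(this.n, this.t);
        this.a.init(this.b);
        this.m.a(this.b);
        this.m.n = false;
        d(); // presumably blocks until the handshake completes - confirm
    }

    /** @return the context object created in {@link #accept(TlsServer)} */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected final a b() {
        return this.b;
    }

    /** @return the TlsServer bound in {@link #accept(TlsServer)} */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected final TlsPeer c() {
        return this.a;
    }
}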
